SSH Configuration Examples 419
Network diagram
Figure 144 Network diagram of SSH client configuration when using publickey
authentication
Configuration procedure
n
In public key authentication, you can use either RSA or DSA public key. Here takes
the DSA public key as an example.
■ Configure Switch B
# Create a VLAN interface on the switch and assign an IP address, which the
SSH client will use as the destination for SSH connection.
<4210> system-view
[4210] interface vlan-interface 1
[4210-Vlan-interface1] ip address 10.165.87.136 255.255.255.0
[4210-Vlan-interface1] quit
n
Generating the RSA and DSA key pairs on the server is prerequisite to SSH login.
# Generate RSA and DSA key pairs.
[4210] public-key local create rsa
[4210] public-key local create dsa
# Set the authentication mode for the user interfaces to AAA.
[4210] user-interface vty 0 4
[4210-ui-vty0-4] authentication-mode scheme
# Enable the user interfaces to support SSH.
[4210-ui-vty0-4] protocol inbound ssh
# Set the user command privilege level to 3.
[4210-ui-vty0-4] user privilege level 3
[4210-ui-vty0-4] quit
# Specify the authentication type of user client001 as publickey.
[4210] ssh user client001 authentication-type publickey
n
Before doing the following steps, you must first generate a DSA key pair on the
client and save the public key pair in a file named Switch001, and then upload the
file to the SSH server through FTP or TFTP. For details, refer to "Configure Switch
A" below.
# Import the client key pair named Switch001 from the file Switch001.
[4210] public-key peer Switch001 import sshkey Switch001
# Assign the public key Switch001 to user client001.
[4210] ssh user client001 assign publickey Switch001
■ Configure Switch A
Switch B
SSH Server
Switch A
SSH ClientVLAN-Interface 1
10.165.87.137./24
10.165 .87.136 ./24
VLAN-Interface 1
To Next Page
Loading...
